Guide7 min read

Is It Safe to Use AI for Manufacturing?

Yes for the method, no for your secrets: never enter a bill of materials, process parameters, supplier pricing or control-system details into a consumer AI.

By Pierre de ONYRI

The answer fits in one line. AI can help you with the method, but not with your industrial secrets. It can optimise a process, draft a supplier contract, or guide a repair. For that, it needs none of your real bill of materials, none of your process parameters, none of your negotiated prices. Pasted into a consumer ChatGPT, those details go to a third party. They can be stored and reviewed. And a trade secret is protected only while it stays secret. There is a clean method: anonymise the sensitive specifics before you send, and keep control systems out of public tools.

Your industrial secrets are the crown jewels

In industry, the value often lives in the know-how. A formula. Process parameters. Tolerances. Tooling. A full bill of materials, the BOM, meaning the list of components and materials. These can be worth more than any finished product. Together they form a map that your rivals would love to read.

The law protects them as trade secrets. But that protection has one central condition. WIPO (the World Intellectual Property Organization) explains that information is a trade secret only if it meets three tests. It is genuinely secret, so not generally known or readily accessible in the relevant field. It has commercial value because it is secret. And its holder has taken reasonable steps to keep it secret.

Here is the key point. Secrecy is the condition of protection. WIPO notes that a trade secret needs no registration and can be protected for an unlimited time. But only as long as the information stays confidential. Protection ends once the information becomes public or is no longer treated as confidential. Voluntarily disclosing a formula or a BOM to an outside party can therefore weaken the very status that protects it.

What EU law says: Directive 2016/943

In Europe, Directive (EU) 2016/943 harmonises trade-secret protection. It targets the unlawful acquisition, use and disclosure of undisclosed know-how and business information across the internal market. It gives the holder access to civil remedies when a trade secret is misappropriated.

The Directive uses the same three-part test as WIPO. It treats certain acquisitions, uses or disclosures as unlawful, in defined cases. But it also recognises lawful and exempt cases. Freedom of expression. Whistleblowing on wrongdoing in the public interest. Disclosures permitted by law. The lesson is simple. Protection hinges on how the information was handled and kept confidential, not merely on its value.

The cyber risk: stored queries and control systems

There is also a security angle. The NCSC (the National Cyber Security Centre, the UK's cyber authority) has a clear stance on public LLMs. Queries typed into a public service like ChatGPT are visible to the provider. They are stored. They may be used to develop the model in future. The provider, its partners or its contractors could in principle read what you submitted. NCSC's practical advice is blunt: do not include sensitive or confidential information in your prompts.

The NCSC does not call for a blanket ban. It frames the risk as manageable. Organisations should classify their data. Set clear usage policies. Train staff. And prefer business or enterprise-tier products, which carry contractual protections on data handling. The NCSC also flags a persistent weakness: prompt injection in systems that integrate an LLM.

For a manufacturer, this targets a precise category. The details of your control systems. A programmable logic controller, or PLC. The plant's network diagrams. Sharing these does not just create a privacy risk. It creates a security exposure. These details must stay out of public tools, full stop.

Data pasted into the AIWhy it is sensitive
Formula, tolerances, process parametersTrade secret: protection ends if the secret is no longer kept
Bill of materials (BOM), toolingA full map of the product, valuable to a competitor
Supplier list, negotiated pricing, contract termsCommercially sensitive, often bound by a confidentiality agreement
PLC, network diagram, control systemA security exposure (OT), not just a privacy one
Worker and workplace safety recordsPersonal data, subject to data-protection law
The risk isn't talking industry with an AI — it's the production details you leave behind in the prompt.

Don't forget personal data and regulated tech

Two more categories deserve your attention. First, personal data. Your worker records and workplace safety logs are still personal data. They fall under data-protection law, such as the GDPR. A consumer AI is not the right place for them.

Second, some designs may be export-controlled. This is a general point to note. It depends on the specific technology and the jurisdiction, for example so-called dual-use regimes. Careless disclosure can then carry separate legal weight. The message is not to invoke a named regime. It is to know that some data must never leave the plant.

The fix: anonymise before you send

Good news: AI is still useful for industry. It can explain an optimisation method. Compare maintenance approaches. Structure a contract draft. For that, it reasons about the shape of your problem, not your real values. Anonymise the sensitive specifics, and the help arrives without the risk.

  • Part references and bill-of-materials numbers.
  • Process parameters, tolerances and formulas.
  • Supplier names, negotiated pricing and contract terms.
  • PLC details, network diagrams and control systems (keep these out of public tools).
Two-part diagram: at top, a blueprint sheet with a bill of materials and a supplier-pricing row in the clear (amber) travels toward an AI card that receives the exposed drawing, with an amber high-risk alert and a factory gear glyph beside it; at bottom, the same drawing anonymized shows only cobalt tokens, and the AI receives only tokens behind a shield with a checkmark.
After WIPO's Trade Secrets FAQ, Directive (EU) 2016/943 (EUR-Lex) and the NCSC's guidance on ChatGPT and large language models.

The steps are simple. You prepare your question. You replace each sensitive detail with a token. The AI works on the structure. Then you restore the real values in its reply, locally, on your own machine.

  1. 1Spot the secrets in your text: references, parameters, prices, suppliers.
  2. 2Replace them with reversible tokens, in the browser.
  3. 3Send only the anonymized text to the AI.
  4. 4Restore the real values in the reply, locally.
  5. 5For regular use, prefer an enterprise tool with a signed data agreement and no-training terms.

That's what ONYRI Sanitize is for. The engine detects sensitive data — part references, parameters, prices, supplier names — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. The AI finds only tokens, never your real industrial secrets. You keep the help of AI, without weakening the trade-secret protection that WIPO, Directive 2016/943 and the NCSC ask you to defend.

Frequently asked questions

Is it safe to use AI for manufacturing?
Yes for the method, no for your secrets. AI can optimise a process, structure a contract or guide a repair with no real data. But never enter your bill of materials, your process parameters, your supplier pricing or your control-system details into a consumer ChatGPT. A trade secret is protected only while it stays secret, and the NCSC warns these queries are stored. Anonymise those details before you send.
Does pasting my bill of materials or parameters into AI destroy my trade secret?
Not automatically, but it can weaken it. WIPO explains that a trade secret is protected only if it stays secret and you take reasonable steps to keep it that way. Handing this data to a consumer AI, where it is stored, is not a reasonable step. It can weaken the confidentiality the whole protection depends on. The fix is to anonymise before you send.
Can I share PLC or network details with an AI?
No, keep them out of public tools. Control-system, PLC or plant-network details create a security exposure, not just a privacy one. The NCSC advises classifying your data and preferring enterprise products with contractual protections. For these critical items the rule is simple: they do not leave the plant.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next